diff options
author | lpsolit%gmail.com <> | 2007-11-30 02:54:25 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2007-11-30 02:54:25 +0100 |
commit | 641f68eed63a982261e37431b6265d01914583a6 (patch) | |
tree | c571475449b681cf4e25812eaf76d4d3f4f8851c /Bugzilla | |
parent | f394b2ed4f175bf6076747ba7792e182841091ab (diff) | |
download | bugzilla-641f68eed63a982261e37431b6265d01914583a6.tar.gz bugzilla-641f68eed63a982261e37431b6265d01914583a6.tar.xz |
Bug 405788: $bug->add_comment incorrectly calls check_can_change_field() - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
Diffstat (limited to 'Bugzilla')
-rwxr-xr-x | Bugzilla/Bug.pm | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/Bugzilla/Bug.pm b/Bugzilla/Bug.pm index 0a45daf14..7c0cc191f 100755 --- a/Bugzilla/Bug.pm +++ b/Bugzilla/Bug.pm @@ -1565,10 +1565,6 @@ sub add_comment { my ($self, $comment, $params) = @_; $comment = $self->_check_comment($comment); - # XXX At some point we need to refactor check_can_change_field - # so that custom installs can use PrivilegesRequired here. - $self->check_can_change_field('longdesc') - || ThrowUserError('illegal_change', { field => 'longdesc' }); $params ||= {}; if (exists $params->{work_time}) { @@ -1589,6 +1585,11 @@ sub add_comment { return; } + # So we really want to comment. Make sure we are allowed to do so. + my $privs; + $self->check_can_change_field('longdesc', 0, 1, \$privs) + || ThrowUserError('illegal_change', { field => 'longdesc', privs => $privs }); + $self->{added_comments} ||= []; my $add_comment = dclone($params); $add_comment->{thetext} = $comment; |